WIXLIB

Computer NetworkingìCOMP 177 Fall 2020 University of the Pacific Jeff ShaferInternet ControlMessage Protocol(ICMP)

2RecapPast Topicsì Overview of networking andlayered architectureToday’s Topicsì Internet Control MessageProtocol (ICMP)ì Wireshark packet snifferì Ethernet, WiFi, VLANsì IPv4ì ARPComputer NetworkingFall 2020

3Internet Control Message Protocolì One of the core protocols in the Internetì Primarily used to communicate errors among routersand hostsìììIP datagram errorsCommunicate routing information/errorsCommunicate diagnosticsì Not (typically) used by applicationsì Applications communicate application-level errors usinghigher level protocolsì Ping and traceroute are the exceptionsComputer NetworkingFall 2020

4ICMP PacketsBytes:71Preamble SFD6DA6SA20x080020-60IP Hdr4ICMP Hdr0-14760-22Data Pad4CRCICMP Packetì ICMP packets are encapsulated in IP datagramsì IP protocol field: ICMP (0x01)ì Header fieldsì Type (1 byte)ì Code (1 byte)ì Checksum (2 bytes)Computer NetworkingFall 2020

5ICMP in IP in EthernetDestination MAC AddressDestination MAC AddressSource MAC AddressSource MAC AddressType (0x0800)VersionTotal LengthIdentificationFlagsTime-To-LiveFragment OffsetHdrLenType of ServiceProtocol (0x01)Header ChecksumSource IP AddressSource IP AddressDestination IP AddressDestination IP AddressOptions and PaddingOptions and PaddingTypeChecksumPayloadEthernet CRCComputer NetworkingCodeFall 2020

ICMP Message TypesComputer Networking6Fall 2020

7ICMP Status Reportingì ICMP status reporting messages have eitherì ICMP Echo type, orì ICMP Timestamp typeì Using ICMP status reporting types, sender mayquery the receiver about its status. The receiver,upon receiving the request sends a replyì Each request includes a 16-bit query IDì The reply uses the same query ID, in responseComputer NetworkingFall 2020

8ICMP Error Reportingì ICMP error reporting messages are caused by thetransmission of IPv4 datagramsì Each ICMP error reporting message includesì The IPv4 header of the packet that has caused theerror (e.g. 20 bytes)ì First 8 bytes of the IPv4 packet payload that hascaused the errorì If TCP or UDP is the payload of IPv4, then portnumbers are within this 8 bytes!Computer NetworkingFall 2020

9ICMP Error Reportingì If the following IPv4 datagram causes an error IPv4 headerIPv4 payload (TCP, UDP, ICMP, etc.)ì then the ICMP error reporting message wouldlook like this:8 bytesIPv4 headerIPv4 headerICMP headerIPv4 payload (TCP, UDP, ICMP, etc.)IPv4 headerICMP messageComputer NetworkingFall 2020

10ICMP Echo: PingICMP Echo RequestEchoICMPReplyICMP Echo RequestReplyohcEICMPComputer Networkingì Common tool used to test basicnetwork connectivityì Is target host alive?ì Is there a route to the targethost? And back?ì How long does it take to reachthe target host?Fall 2020

11Pingdhcp-10-10-207-20: shafer ping -c 3 www.pacific.eduPING www.pacific.edu (192.168.200.100): 56 data bytes64 bytes from 192.168.200.100: icmp seq 0 ttl 252 time 0.738 ms64 bytes from 192.168.200.100: icmp seq 1 ttl 252 time 1.025 ms64 bytes from 192.168.200.100: icmp seq 2 ttl 252 time 0.776 ms--- www.pacific.edu ping statistics --3 packets transmitted, 3 packets received, 0.0% packet lossround-trip min/avg/max/stddev 0.738/0.846/1.025/0.127 msdhcp-10-10-207-20: shafer ping -c 3 www.google.comPING www.l.google.com (74.125.19.103): 56 data bytes64 bytes from 74.125.19.103: icmp seq 0 ttl 56 time 7.534 ms64 bytes from 74.125.19.103: icmp seq 1 ttl 56 time 7.295 ms64 bytes from 74.125.19.103: icmp seq 2 ttl 56 time 7.661 ms--- www.l.google.com ping statistics --3 packets transmitted, 3 packets received, 0.0% packet lossround-trip min/avg/max/stddev 7.295/7.497/7.661/0.152 msComputer NetworkingFall 2020

12ICMP Echoì Ping uses ICMPì ICMP Echo Request (type 8)ì ICMP Echo Reply (type 0)ì Sender creates Echo Request packets1Type (0x08)12Code (0x00) Checksum2Identifier2Sequence #0-DataCopyì Receiver replies with Echo Reply packets1Type (0x00)Computer Networking12Code (0x00) Checksum2Identifier2Sequence #0-DataFall 2020

13ICMP Destination Unreachableì ICMP Destination Unreachable message type hasdifferent codes, representing different errorconditionsì Network unreachableì Host unreachableì Port unreachableì Fragmentation required but DF (“don’t fragment”)setì Administratively prohibitedComputer NetworkingFall 2020

14Network Unreachableì If a router in the path cannot find a matching entryin its forwarding table for the destination IP addressì It drops the packet, andì It sends an ICMP Network Unreachable messageback to the senderComputer NetworkingFall 2020

15Network Unreachableì Example - Consider an IPv4 packetì Source IP address: 137.82.251.11ì Destination IP address: 88.211.92.56ì Assume that a router in the path with IP address55.37.127.69 has the forwarding tableDestinationComputer int1211.8.0.0/16int255.0.0.0/8int3Fall 2020

16Network Unreachableì Example (continued) – The router cannot forward thepacket (no match in forwarding table)ì Generates ICMP error messageì Type: Destination Unreachableì Code: Network Unreachableì Includes original IPv4 header (w/destination IP andsource IP)ì ICMP message is encapsulated in IPv4 packetì Source: 55.37.127.69 (the router)ì Destination: 137.82.251.11 (original source)Computer NetworkingFall 2020

17Host Unreachableì If the last router in the path between the sourceand destination cannot reach the destination(which is in the same LAN as router interface)ì The router drops the packet, andì The router sends back an ICMP Host Unreachablemessage to the senderComputer NetworkingFall 2020

18Host UnreachableComputer NetworkingìHow does the router realize that the host is not reachable?ìThe router receives the IPv4 packet and checks its destination IP addressìThe router does longest prefix match and determines that the destination is in adirectly-connected subnet (on egress interface X)ìIn order to send the IPv4 packet to the destination, that packet should beencapsulated within a link layer frame. So, destination MAC address is requiredìThe router queries its ARP cache to pick up the MAC address matching thedestination IP address. There is not any valid entry in the ARP cache.ìThe router broadcasts an ARP request through interface X, asking for the MACaddress that belongs to the destination IP addressìNo reply comes back? The host is unreachableFall 2020

19Port Unreachableì Used for UDP packets encapsulated within IPv4packetsì If the packet is deliverable to its destination, but onthat host the UDP port is closed, then the hostsends back ICMP Port Unreachable message to thesender of the packetì Question: Why not TCP?ì TCP is connection-oriented. If TCP port is closed, TCPhandles it itself! (With a “Reset” message)ì UDP however is silent about closed portsComputer NetworkingFall 2020

20Other Destination Unreachable Messagesì Fragmentation required, but DF setì If the IPv4 packet size exceeds MTU and DF flag on IPv4header is setì The packets is droppedì ICMP error message is sent back to the senderì Administratively prohibitedì If the last router in the path is able to forward the packetto the ultimate destination, but for some reason it hasbeen configured to drop the packets to that destinationì The router drops the packetì The router sends back an ICMP network administrativelyprohibited message to the senderComputer NetworkingFall 2020

21ICMP Time Exceededì Each network layer service, in the path between thetwo endpoints, decrements the TTL value in theIPv4 headerì If after decrementing the TTL becomes 0:ì The packet is droppedì An ICMP Time Exceeded message is sent back to thesenderComputer NetworkingFall 2020

22ICMP Time Exceededì How can a host identify the path between itself and aremote host?ì By causing the nodes in the path to send back ICMPTime Exceeded messagesìThe source IP address on the IPv4 packet encapsulatingthe ICMP message reveals those nodesì How can we cause nodes in the path to generate thistype of ICMP message?ììComputer NetworkingBy setting the TTL value to a certain amount!Traceroute toolFall 2020

23Traceroute (1)ìTraceoute uses ICMP TTL expired messages to identify the path between two hostsìììSends IPv4 packet(s) with TTL 1, then with TTL 2, then with TTL 3, .The IPv4 packets encapsulate a UDP datagram with unconventional destination port numberExample: A runs traceroute on B.Source IP: ADestination IP: BTTL 1-----------------UDP Destination Port 63782BR1R2R3AComputer NetworkingFall 2020

24Traceroute (2)ìTraceoute uses ICMP TTL expired messages to identify the path between two hostsìììSends IPv4 packet(s) with TTL 1, then with TTL 2, then with TTL 3, .The IPv4 packets encapsulate a UDP datagram with unconventional destination port numberExample: A runs traceroute on B.Source IP: ADestination IP: BTTL 1-----------------UDP Destination Port 63782R1BR2R3AComputer NetworkingFall 2020

25Traceroute (3)ìTraceoute uses ICMP TTL expired messages to identify the path between two hostsìììSends IPv4 packet(s) with TTL 1, then with TTL 2, then with TTL 3, .The IPv4 packets encapsulate a UDP datagram with unconventional destination port numberExample: A runs traceroute on B.BSource IP: R1Destination IP: A-----------------ICMP TTL Expired!R1R2R3AComputer NetworkingFall 2020

26Traceroute (4)ìTraceoute uses ICMP TTL expired messages to identify the path between two hostsìììSends IPv4 packet(s) with TTL 1, then with TTL 2, then with TTL 3, .The IPv4 packets encapsulate a UDP datagram with unconventional destination port numberExample: A runs traceroute on B.HopRouter1R1BSource IP: R1Destination IP: A-----------------ICMP TTL Expired!R1R2R3AComputer NetworkingFall 2020

27Traceroute (5)ìTraceoute uses ICMP TTL expired messages to identify the path between two hostsìììSends IPv4 packet(s) with TTL 1, then with TTL 2, then with TTL 3, .The IPv4 packets encapsulate a UDP datagram with unconventional destination port numberExample: A runs traceroute on B.HopRouter1R1Source IP: ADestination IP: BTTL 2-----------------UDP Destination Port 63782BR1R2R3AComputer NetworkingFall 2020

28Traceroute (6)ìTraceoute uses ICMP TTL expired messages to identify the path between two hostsìììSends IPv4 packet(s) with TTL 1, then with TTL 2, then with TTL 3, .The IPv4 packets encapsulate a UDP datagram with unconventional destination port numberExample: A runs traceroute on B.HopRouter1R1Source IP: ADestination IP: BTTL 2-----------------UDP Destination Port 63782R1BR2R3AComputer NetworkingFall 2020

29Traceroute (7)ìTraceoute uses ICMP TTL expired messages to identify the path between two hostsìììSends IPv4 packet(s) with TTL 1, then with TTL 2, then with TTL 3, .The IPv4 packets encapsulate a UDP datagram with unconventional destination port numberExample: A runs traceroute on B.HopRouter1R1BSource IP: ADestination IP: BTTL 1-----------------UDP Destination Port 63782R1R2R3AComputer NetworkingFall 2020

30Traceroute (8)ìTraceoute uses ICMP TTL expired messages to identify the path between two hostsìììSends IPv4 packet(s) with TTL 1, then with TTL 2, then with TTL 3, .The IPv4 packets encapsulate a UDP datagram with unconventional destination port numberExample: A runs traceroute on B.HopRouter1R1BSource IP: R2Destination IP: A-----------------ICMP TTL Expired!R1R2R3AComputer NetworkingFall 2020

31Traceroute (9)ìTraceoute uses ICMP TTL expired messages to identify the path between two hostsìììSends IPv4 packet(s) with TTL 1, then with TTL 2, then with TTL 3, .The IPv4 packets encapsulate a UDP datagram with unconventional destination port numberExample: A runs traceroute on B.HopRouter1R1BSource IP: R2Destination IP: A-----------------ICMP TTL Expired!R1R2R3AComputer NetworkingFall 2020